Tarah Wheeler: Calls for a U.S. Bureau of Cyber Statistics

Tarah Wheeler, CISO at TPO Group, told a Senate committee in 2024 that the cybersecurity field lacks central statistics and reliable public data and urged a federal repository.

Tarah Wheeler testified to the Senate Committee on Homeland Security and Governmental Affairs in 2024, saying the cybersecurity industry lacks central statistics and dependable public data. She urged creation of a federal repository of cyber data to provide consistent measures of incidents and defensive outcomes.

Wheeler told the committee that security professionals and policymakers often rely on vendor marketing, selective corporate figures and media narratives instead of systematic, verifiable evidence. She recommended a Bureau of Cyber Statistics to collect and publish standardized incident, impact and defense metrics.

In her testimony she pointed to recent federal workforce reductions affecting technical testing and validation roles. Wheeler cited more than 700 positions removed since 2025 and deep cuts at a lab responsible for encryption testing, and said the loss of technical staff reduces capacity for independent scientific assessment.

Wheeler described her background across offensive and defensive operations, including roles on red teams, purple teams and in SecOps. Her career includes positions at Microsoft, Silent Circle, Symantec and Splunk. She serves as CISO at Red Queen Technologies and as CSO at TPO Group, a consultancy for critical industries and federal clients.

She listed practical questions that lack reliable answers without central statistics: how often to run phishing tests, how to manage identity at scale, how many attacks organizations should expect and accept each year, and the return on investment for cyber insurance. Wheeler said the absence of standard benchmarks makes it hard to assess policy choices and compare outcomes across sectors.

Wheeler has written on cyber policy and careers, authored a book on women in technology, produced policy papers for institutions including the Council on Foreign Relations and Harvard’s Belfer Center, and served as a security fellow at New America. She is a life member of the Council on Foreign Relations and sits on the board of the Electronic Frontier Foundation.

She warned about replacing empirical research with marketing frameworks or vendor rankings. “It’s very difficult to tell if I am truly building my knowledge base, or if I’m just stacking hype on hype in my brain,” she told the committee, pointing to the risk that decision makers may base choices on incomplete or biased information.

Wheeler called for clearer, evidence-based metrics and for rebuilding technical capacity in public institutions that can produce them. She said improved public data would allow organizations to make risk-based decisions and enable repeatable, measurable security practices.

Articles by this author

No posts found.